Fortunately for us servlet developers, it’s not always necessary for a servlet to manage its own sessions using the techniques we have just discussed. The Servlet API provides several methods and classes specifically designed to handle session tracking on behalf of servlets. In other words, servlets have built in session tracking.
The Session Tracking API, as we call the portion of the Servlet API
devoted to session tracking, should be supported in any web server
that supports servlets. The level of support, however, depends on the
server. The minimal implementation provided by the servlet classes in
JSDK 2.0 manages sessions
through the use of persistent cookies. A server can build on this
base to provide additional features and capabilities. For example,
Java Web Server has the ability to revert to using URL rewriting when
cookies fail, and it allows session objects to be written to the
server’s disk as memory fills up or when the server shuts down.
(The items you place in the session need to implement the
Serializable interface to take advantage of this
option.) See your server’s documentation for details pertaining
to your server. The rest of this section describe the
lowest-common-denominator functionality provided by Version 2.0 of
the Servlet API.
Session tracking is wonderfully elegant. Every user of a site is
associated with a
object that servlets can use to store or retrieve information ...